diff options
Diffstat (limited to 'roles/openshift_node_certificates')
| -rw-r--r-- | roles/openshift_node_certificates/handlers/main.yml | 16 | ||||
| -rw-r--r-- | roles/openshift_node_certificates/tasks/main.yml | 4 |
2 files changed, 14 insertions, 6 deletions
diff --git a/roles/openshift_node_certificates/handlers/main.yml b/roles/openshift_node_certificates/handlers/main.yml index 4abe8bcaf..ef66bf9ca 100644 --- a/roles/openshift_node_certificates/handlers/main.yml +++ b/roles/openshift_node_certificates/handlers/main.yml @@ -2,9 +2,21 @@ - name: update ca trust command: update-ca-trust notify: - - restart docker after updating ca trust + - check for container runtime after updating ca trust -- name: restart docker after updating ca trust +- name: check for container runtime after updating ca trust + command: > + systemctl -q is-active {{ openshift.docker.service_name }}.service + register: l_docker_installed + # An rc of 0 indicates that the container runtime service is + # running. We will restart it by notifying the restart handler since + # we have updated the system CA trust. + changed_when: l_docker_installed.rc == 0 + failed_when: false + notify: + - restart container runtime after updating ca trust + +- name: restart container runtime after updating ca trust systemd: name: "{{ openshift.docker.service_name }}" state: restarted diff --git a/roles/openshift_node_certificates/tasks/main.yml b/roles/openshift_node_certificates/tasks/main.yml index 1a775178d..97f1fbbdd 100644 --- a/roles/openshift_node_certificates/tasks/main.yml +++ b/roles/openshift_node_certificates/tasks/main.yml @@ -66,9 +66,7 @@ --signer-key={{ openshift_ca_key }} --signer-serial={{ openshift_ca_serial }} --user=system:node:{{ hostvars[item].openshift.common.hostname }} - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_node_cert_expire_days }} - {% endif %} args: creates: "{{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}" with_items: "{{ hostvars @@ -82,9 +80,7 @@ {{ hostvars[openshift_ca_host].openshift.common.client_binary }} adm ca create-server-cert --cert={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.crt --key={{ openshift_generated_configs_dir }}/node-{{ hostvars[item].openshift.common.hostname }}/server.key - {% if openshift_version | oo_version_gte_3_5_or_1_5(openshift.common.deployment_type) | bool %} --expire-days={{ openshift_node_cert_expire_days }} - {% endif %} --overwrite=true --hostnames={{ hostvars[item].openshift.common.hostname }},{{ hostvars[item].openshift.common.public_hostname }},{{ hostvars[item].openshift.common.ip }},{{ hostvars[item].openshift.common.public_ip }} --signer-cert={{ openshift_ca_cert }} |